WebTPA Employer Services LLC, along with its business partners (Hartford Life, Anthem Blue Cross, and Elevance Health), faced a data breach between April 18–23, 2023, exposing sensitive private information of individuals. The incident led to a $13.75M class-action settlement, with affected individuals eligible for compensation (up to $5,000 for documented losses or $100 flat payments), plus two years of medical identity monitoring. The breach allegedly stemmed from inadequate data protection measures, compromising personal data stored/processed by WebTPA and its associates. California residents during the breach period qualified for an additional $50 statutory payment. The lawsuit claimed negligence in safeguarding data, though the companies denied wrongdoing but settled to avoid prolonged litigation. The exposed data likely included health insurance details, financial records, and personally identifiable information (PII), posing risks of identity theft, fraud, and reputational harm to victims.
Source: https://www.claimdepot.com/settlements/webtpa-data-settlement
TPRM report: https://www.rankiteo.com/company/webtpa
"id": "web2102221091125",
"linkid": "webtpa",
"type": "Breach",
"date": "4/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Individuals who received breach '
'notification (exact number '
'unspecified)',
'industry': 'Healthcare / Insurance',
'location': 'United States',
'name': 'WebTPA Employer Services LLC',
'type': 'Third-Party Administrator (TPA)'},
{'customers_affected': 'Individuals who received breach '
'notification (exact number '
'unspecified)',
'industry': 'Healthcare / Insurance',
'location': 'United States',
'name': 'Hartford Life and Accident Insurance Co.',
'type': 'Insurance Company'},
{'customers_affected': 'Individuals who received breach '
'notification (exact number '
'unspecified)',
'industry': 'Healthcare / Insurance',
'location': 'United States',
'name': 'Anthem Blue Cross Life and Health Insurance '
'Co.',
'type': 'Insurance Company'},
{'customers_affected': 'Individuals who received breach '
'notification (exact number '
'unspecified)',
'industry': 'Healthcare / Insurance',
'location': 'United States',
'name': 'Elevance Health Inc.',
'type': 'Health Benefits Company'}],
'customer_advisories': 'Claim submission instructions provided (online/mail); '
'deadlines: November 4, 2025 (claims), October 20, '
'2025 (opt-out), November 19, 2025 (final approval '
'hearing)',
'data_breach': {'data_exfiltration': 'Alleged (details unspecified)',
'personally_identifiable_information': 'Likely (based on '
'settlement terms '
'including medical '
'identity monitoring)',
'sensitivity_of_data': 'High (includes medical and personally '
'identifiable information)',
'type_of_data_compromised': 'Private information (potentially '
'including personally '
'identifiable information and '
'medical data)'},
'description': 'WebTPA Employer Services LLC, along with Hartford Life and '
'Accident Insurance Co., Anthem Blue Cross Life and Health '
'Insurance Co., and Elevance Health Inc., agreed to pay '
'$13,750,000 to settle a class action lawsuit alleging failure '
'to adequately protect private information, resulting in a '
'data security incident that exposed sensitive data of '
'individuals whose information was stored or processed by '
'WebTPA and its business partners between April 18, 2023, and '
'April 23, 2023.',
'impact': {'brand_reputation_impact': 'Significant (class action settlement '
'and public disclosure)',
'customer_complaints': 'Class action lawsuit filed by affected '
'individuals',
'data_compromised': 'Private information (sensitive data)',
'financial_loss': {'attorneys_fees': 'Up to $4,582,875',
'cash_payments': 'Remaining funds after '
'deductions',
'medical_monitoring_costs': '$90 per claim '
'(estimated)',
'service_awards': 'Up to $1,500 each for class '
'representatives',
'settlement_fund': '$13,750,000'},
'identity_theft_risk': 'High (medical identity theft insurance '
'offered up to $1,000,000)',
'legal_liabilities': '$13,750,000 settlement fund'},
'investigation_status': 'Settled (class action lawsuit resolved with $13.75M '
'fund)',
'post_incident_analysis': {'corrective_actions': '$13.75M settlement fund, '
'medical monitoring for '
'affected individuals, cash '
'payments for documented '
'losses',
'root_causes': 'Alleged failure to adequately '
'protect private information '
'(details unspecified in '
'settlement)'},
'references': [{'source': 'Class Action Settlement Notice (WebTPA Data '
'Incident)'},
{'source': 'Kroll Settlement Administration LLC'}],
'regulatory_compliance': {'fines_imposed': '$13,750,000 (settlement fund, not '
'a fine)',
'legal_actions': 'Class action lawsuit settled '
'(allegations denied by '
'defendants)'},
'response': {'communication_strategy': 'Breach notifications sent to affected '
'individuals, class action settlement '
'website and claim forms (online/mail)',
'recovery_measures': 'Medical monitoring (CyEx’s Medical Shield) '
'for 2 years, cash payments up to $5,000 '
'for documented losses or $100 flat payment',
'remediation_measures': '$13,750,000 settlement fund for '
'affected individuals',
'third_party_assistance': 'Kroll Settlement Administration LLC '
'(claims administration)'},
'stakeholder_advisories': 'Breach notifications sent to affected individuals; '
'settlement terms published for class members',
'title': 'WebTPA Employer Services LLC Data Breach Class Action Settlement',
'type': 'Data Breach'}